Metric | npmgraph | randomUUID
---|---|---
Mentions | 19 | 1
Stars | 661 | 15
Growth | 1.7% | -
Activity | 7.7 | 0.0
Last commit | 11 days ago | over 2 years ago
Language | TypeScript | JavaScript
License | MIT License | -
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
npmgraph
-
Node.js can now execute TypeScript files
You don't think depending on dozens or even hundreds of NPM packages with a single maintainer is an issue?
Just as an example, Express depends on 25 modules with a single maintainer.
https://npmgraph.js.org/?q=express
Obviously a router is a fraction of what's needed for any non-trivial backend project.
- Show HN: Time Travel with Your SQL
-
The Front End Treadmill
It's not a frontend problem but a JS-ecosystem problem. Happens in the backend too.
The JS landscape is an absolute mess where dependencies have dozens if not hundreds of other dependencies. As an example, this is the dependency graph of Platformatic (a Node framework based on Fastify):
https://npmgraph.js.org/?q=platformatic#zoom=h
Each of those dependencies could be abandoned at any moment. Even huge dependencies like Axios or Express seemed to have been abandoned at one point.
And then each dependency is ruled by whatever their maintainers think is right. Just the other day a dependency I use in prod with approx. 25M downloads per week (React is approx. 26M) and used by 10M GitHub repos decided it was ok to drop support for Safari versions from about 3 years ago. It's just insane considering Safari has +50% mobile market share in the US.
-
Popular GitHub Action tj-actions/changed-files is compromised
In recent years, it's started to feel like you can't trust third-party dependencies and extensions at all anymore. I no longer install npm packages that have more than a few transitive dependencies, and I've started to refrain from installing vscode or chrome extensions altogether.
Time and time again, they either get hijacked and malicious code added, or the dev themselves suddenly decides to betray everyone's trust and inject malicious code (see: Moq), or they sell out to some company that changes the license to one where you have to pay hundreds of dollars to keep using it (e.g. the recent FluentAssertions debacle), or one of those happens to any of the packages' hundreds of dependencies.
Just take a look at eslint's dependency tree: https://npmgraph.js.org/?q=eslint
Can you really say you trust all of these?
-
JavaScript Fatigue Strikes Back
NestJS is probably the closest thing to a Rails-like framework in JS. Also Platformatic by the creator of Fastify.
Still, the dependency entanglement in JS is just crazy. This is the dependency graph of Platformatic:
https://npmgraph.js.org/?q=platformatic#zoom=h
AFAIK there's no JS framework that solved the whole thing and doesn't depend on other packages.
I don't know why JS devs historically have an aversion to frameworks. Maybe the author of the article is right and this is caused by preventing heavy bloated JS apps in the browser.
In any case, after 10 years of Node in the backend, I'm done with it.
-
The tragedy of trying to run an old node project
Lots of people taking general pot shots at different languages and ecosystems.
But OP was trying to install gatsby on a different node target. It's not some little library. These kinds of massive libraries break all the time: https://npmgraph.js.org/?q=gatsby
-
Rewriting Rust
React and react-dom are peer dependencies (npmgraph lists them but doesn't graph them visually). The actual full installation command is: `npm install next@latest react@latest react-dom@latest`[1]. Even if you include react and react-dom, the dependency graph still looks tolerable to me: https://npmgraph.js.org/?q=next%4014.2.13%2C+react%4018.3.1%...
[1] https://nextjs.org/docs/getting-started/installation#manual-...
- Iso20022.js: Create payments in 3 lines of code
-
Panda CSS: build time and type-safe CSS-in-JS
This looks a lot better than I expected.
One thing that bugs me about this (and Tailwind) is the number of dependencies they pull in. Panda has 152 nodes (239, if you count their dev-dependencies)[0].
Tailwind has 98 (594 if you count their dev-dependencies).
I know they're only dev-dependencies, but still... I've got all of that code running on my machine, just to process CSS. I really don't love it.
[0] https://npmgraph.js.org/?q=%40pandacss%2Fdev
-
List all dependencies from package-lock.json without npm: Vet my code!
This is what I came up with. I get 514. I got 496 here https://npmgraph.js.org/. I'm curious what you get using npm and/or yarn, or another tool.
randomUUID
-
Should I be using TypeORM for a large scale project?
Embrace the people who want to help: The number of people who are willing to make meaningful contributions to a project is always shockingly low, even for popular projects, but they are out there. The key is to recognize them and empower them so they're willing to stick around and continue to help. When such people do turn up, get them on your team.
What are some alternatives?
plv8 - V8 Engine Javascript Procedural Language add-on for PostgreSQL
uuid - Generate RFC-compliant UUIDs in JavaScript
formula - Web Component + Library for Zero Config Interactive and Reactive HTML5 forms
TypeORM - ORM for TypeScript and JavaScript. Supports MySQL, PostgreSQL, MariaDB, SQLite, MS SQL Server, Oracle, SAP Hana, WebSQL databases. Works in NodeJS, Browser, Ionic, Cordova and Electron platforms.
unknown-pleasures - Visualize your microphone with Joy Division's pulsar.
node-redis - Redis Node.js client